CN112653709A - Vulnerability detection method and device, electronic equipment and readable storage medium - Google Patents
Vulnerability detection method and device, electronic equipment and readable storage medium Download PDFInfo
- Publication number
- CN112653709A CN112653709A CN202011643799.8A CN202011643799A CN112653709A CN 112653709 A CN112653709 A CN 112653709A CN 202011643799 A CN202011643799 A CN 202011643799A CN 112653709 A CN112653709 A CN 112653709A
- Authority
- CN
- China
- Prior art keywords
- http
- message
- audit
- vulnerability detection
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 204
- 238000000034 method Methods 0.000 claims abstract description 74
- 230000004044 response Effects 0.000 claims description 177
- 238000012550 audit Methods 0.000 claims description 138
- 230000037431 insertion Effects 0.000 claims description 14
- 230000009193 crawling Effects 0.000 claims description 10
- 238000004590 computer program Methods 0.000 claims description 8
- 238000012216 screening Methods 0.000 claims description 3
- 230000008569 process Effects 0.000 description 38
- 238000004891 communication Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 7
- 238000002347 injection Methods 0.000 description 5
- 239000007924 injection Substances 0.000 description 5
- 230000003068 static effect Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000007547 defect Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 239000000243 solution Substances 0.000 description 3
- 230000002159 abnormal effect Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 238000009877 rendering Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 1
- 230000004069 differentiation Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000010606 normalization Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000013515 script Methods 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer And Data Communications (AREA)
Abstract
The application provides a vulnerability detection method, a vulnerability detection device, electronic equipment and a readable storage medium, and relates to the technical field of security. According to the method, a vulnerability detection program is inserted into a pre-stored HTTP message for the to-be-audited website, so that vulnerability detection of the to-be-audited website is realized through the obtained auditing HTTP message, and the HTTP message is not only a message for a page, so that the HTTP message in the method is all messages for the to-be-audited website, so that the to-be-audited website can be detected more comprehensively, and the probability of missing reports is reduced.
Description
Technical Field
The present application relates to the field of network security technologies, and in particular, to a vulnerability detection method, apparatus, electronic device, and readable storage medium.
Background
With the development of the internet, various network applications emerge endlessly, various functions are realized, various security holes are introduced, and a riding machine is provided for attackers. In response to the increasing demand for website security, many website vulnerability scanners are developed, which crawl the entire website according to the URL provided by the user, download the web pages, and then detect and analyze the content of the web pages to detect whether vulnerabilities exist in the web pages.
In the existing vulnerability detection, vulnerability detection is only carried out on a page, detection is not comprehensive, and the problem of missing report can be caused.
Disclosure of Invention
An object of the embodiments of the present application is to provide a vulnerability detection method, apparatus, electronic device and readable storage medium, so as to solve the problem that in the prior art, vulnerability detection is performed only on a page, so that detection is incomplete.
In a first aspect, an embodiment of the present application provides a vulnerability detection method, where the method includes: acquiring a pre-stored HTTP message aiming at a website to be checked; inserting a vulnerability detection program into the HTTP message to obtain an audit HTTP message; and sending the audit HTTP message to target equipment so as to perform vulnerability detection on the website to be audited by using the audit HTTP message.
In the implementation process, the vulnerability detection program is inserted into the pre-stored HTTP message for the to-be-audited website, so that vulnerability detection of the to-be-audited website is realized through the obtained audit HTTP message.
Optionally, the HTTP message includes an HTTP request message and an HTTP response message corresponding to the HTTP request message, and the inserting a vulnerability detection program into the HTTP message to obtain an audit HTTP message includes:
receiving a target HTTP request message sent when a browser of the terminal equipment loads a page to be detected of the website to be examined;
searching and obtaining a target HTTP response message corresponding to the target HTTP request message from the prestored HTTP message;
inserting a vulnerability detection program into the target HTTP response message to obtain an audit HTTP response message;
the sending of the audit HTTP message to the target device to perform vulnerability detection on the website to be audited by using the audit HTTP message includes:
and sending the audit HTTP response message to a browser of the terminal equipment so as to perform vulnerability detection on the loading condition of the browser for loading the page to be detected based on the audit HTTP response message.
In the implementation process, the audit HTTP response message is obtained and sent to the browser, so that vulnerability detection can be performed on the page of the browser, detection of the front-end page is achieved, the request does not need to be sent to the website server again, the number of requests in the vulnerability detection process can be effectively reduced, and the burden of the website server is relieved.
Optionally, inserting a vulnerability detection program into the target HTTP response packet to obtain an audit HTTP response packet, including:
judging whether the target HTTP response message comprises undetected detection points or not;
and if so, inserting a vulnerability detection program into the corresponding detection point to obtain an audit HTTP response message.
In the implementation process, the vulnerability detection program is inserted into the detection points in the target HTTP response message, so that the problem of interference caused by the vulnerability detection program being inserted into a plurality of detection points at the same time can be avoided.
Optionally, after obtaining the audit HTTP response packet, the method further includes:
and marking the detection points of the vulnerability detection program inserted into the audit HTTP response message. Thereby facilitating identification of detection points where no vulnerability detection program is inserted.
Optionally, the HTTP message includes an HTTP request message and an HTTP response message corresponding to the HTTP request message, and the inserting a vulnerability detection program into the HTTP message to obtain an audit HTTP message includes:
receiving a target HTTP request message sent when a browser of the terminal equipment loads a page to be detected of the website to be examined;
when a target HTTP response message corresponding to the target HTTP request message is not found from the prestored HTTP messages, sending the target HTTP request message to the website server;
receiving a target HTTP response message returned by the website server according to the target HTTP request message;
inserting a vulnerability detection program into the target HTTP response message to obtain an audit HTTP response message;
the sending of the audit HTTP message to the target device to perform vulnerability detection on the website to be audited by using the audit HTTP message includes:
and sending the audit HTTP response message to a browser of the terminal equipment so as to perform vulnerability detection on the loading condition of the browser for loading the page to be detected based on the audit HTTP response message.
In the implementation process, when the target HTTP response message corresponding to the target HTTP request message is not found, the corresponding target HTTP response message may be returned through the website server, so that vulnerability detection on the front-end page may also be implemented.
Optionally, the HTTP message includes an HTTP request message, and the inserting a vulnerability detection program into the HTTP message to obtain an audit HTTP message includes:
inserting a vulnerability detection program into an HTTP request message in the HTTP message to obtain an audit HTTP request message;
the sending of the audit HTTP message to the target device to perform vulnerability detection on the website to be audited by using the audit HTTP message includes:
sending the audit HTTP request message to the website server;
receiving a response result returned by the website server based on the audit HTTP request message;
and detecting the vulnerability of the website server according to the response result.
In the implementation process, the audit HTTP message is sent to the website server, so that vulnerability detection of the website server can be realized, the detection range is wider, and the detection is more comprehensive.
Optionally, inserting a vulnerability detection program into an HTTP request message in the HTTP message to obtain an audit HTTP request message, including:
and inserting vulnerability detection programs into corresponding detection points of HTTP request messages in the HTTP messages in sequence to obtain audit HTTP request messages. Therefore, the problem of interference caused by the fact that a vulnerability detection program is inserted for detection at the same time is solved.
Optionally, inserting a vulnerability detection program into the HTTP message to obtain an audit HTTP message includes:
acquiring an HTTP message with the category of an application interface in the prestored HTTP messages;
and inserting a vulnerability detection program into the HTTP message with the category of the application interface to obtain an audit HTTP message. Thus, api level vulnerability detection can be achieved.
Optionally, before the obtaining of the pre-stored HTTP message for the to-be-audited website, the method further includes:
crawling initial HTTP message of the website to be audited through crawler software
And identifying the category of the initial HTTP message, acquiring the HTTP message with the category as an application interface, and storing the HTTP message.
In the implementation process, the HTTP message is crawled through crawler software, so that the obtained HTTP message is more comprehensive, more types of HTTP messages serving as application interfaces can be obtained, and the vulnerability detection range is expanded.
Optionally, the identifying the type of the initial HTTP packet, obtaining and storing the HTTP packet with the type as an application interface, includes:
screening to obtain a data HTTP message with the type of data in the initial HTTP message;
and identifying the type of the data HTTP message, acquiring the HTTP message with the type as an application interface, and storing the HTTP message.
In the implementation process, by auditing the HTTP messages with the data type of the HTPP message as the application interface, more comprehensive vulnerability detection can be realized under the condition of reducing the detected data quantity as much as possible.
In a second aspect, an embodiment of the present application provides a vulnerability detection apparatus, the apparatus includes:
the message acquisition module is used for acquiring a prestored HTTP message aiming at a website to be checked;
the detection program insertion module is used for inserting a vulnerability detection program into the HTTP message to obtain an audit HTTP message;
and the vulnerability detection module is used for sending the audit HTTP message to target equipment so as to detect the vulnerability of the website to be audited by using the audit HTTP message.
Optionally, the HTTP message includes an HTTP request message and an HTTP response message corresponding to the HTTP request message, and the detection program insertion module is configured to:
receiving a target HTTP request message sent when a browser of the terminal equipment loads a page to be detected of the website to be examined;
searching and obtaining a target HTTP response message corresponding to the target HTTP request message from the prestored HTTP message;
inserting a vulnerability detection program into the target HTTP response message to obtain an audit HTTP response message;
and the vulnerability detection module is used for sending the audit HTTP response message to a browser of the terminal equipment so as to carry out vulnerability detection on the loading condition of the browser for loading the page to be detected based on the audit HTTP response message.
Optionally, the detection program insertion module is configured to determine whether the target HTTP response packet includes a detection point that is not detected; and if so, inserting a vulnerability detection program into the corresponding detection point to obtain an audit HTTP response message.
Optionally, the detection program insertion module is further configured to mark a detection point of the vulnerability detection program inserted in the audit HTTP response message.
Optionally, the HTTP message includes an HTTP request message and an HTTP response message corresponding to the HTTP request message, and the detection program insertion module is configured to:
when a target HTTP response message corresponding to the target HTTP request message is not found from the prestored HTTP messages, sending the target HTTP request message to the website server;
receiving a target HTTP response message returned by the website server according to the target HTTP request message;
inserting a vulnerability detection program into the target HTTP response message to obtain an audit HTTP response message;
and the vulnerability detection module is used for sending the audit HTTP response message to a browser of the terminal equipment so as to carry out vulnerability detection on the loading condition of the browser for loading the page to be detected based on the audit HTTP response message.
Optionally, the HTTP message includes an HTTP request message, and the detection program insertion module is configured to insert a vulnerability detection program into the HTTP request message in the HTTP message to obtain an audit HTTP request message;
the vulnerability detection module is used for sending the audit HTTP request message to the website server; receiving a response result returned by the website server based on the audit HTTP request message; and detecting the vulnerability of the website server according to the response result.
Optionally, the detection program insertion module is configured to insert vulnerability detection programs into detection points corresponding to HTTP request messages in the HTTP messages in sequence, so as to obtain an audit HTTP request message.
Optionally, the detection program insertion module is configured to acquire an HTTP message of which the category is an application interface from among the prestored HTTP messages; and inserting a vulnerability detection program into the HTTP message with the category of the application interface to obtain an audit HTTP message.
Optionally, the apparatus further comprises:
the storage module is used for crawling the initial HTTP message of the website to be audited through crawler software; and identifying the category of the initial HTTP message, acquiring the HTTP message with the category as an application interface, and storing the HTTP message.
Optionally, the storage module is configured to filter and obtain a data HTTP message of a type of data in the initial HTTP message; and identifying the type of the data HTTP message, acquiring the HTTP message with the type as an application interface, and storing the HTTP message.
In a third aspect, an embodiment of the present application provides an electronic device, including a processor and a memory, where the memory stores computer-readable instructions, and when the computer-readable instructions are executed by the processor, the steps in the method as provided in the first aspect are executed.
In a fourth aspect, embodiments of the present application provide a readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, performs the steps in the method as provided in the first aspect.
Additional features and advantages of the present application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the embodiments of the present application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic structural diagram of an electronic device for executing a vulnerability detection method according to an embodiment of the present disclosure;
fig. 2 is a flowchart of a vulnerability detection method provided in an embodiment of the present application;
fig. 3 is a schematic diagram of vulnerability detection performed on a front end according to an embodiment of the present disclosure;
fig. 4 is a schematic diagram of vulnerability detection performed on a backend according to an embodiment of the present application;
FIG. 5 is a schematic diagram of data crawling provided by an embodiment of the present application;
fig. 6 is a block diagram of a vulnerability detection apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
The embodiment of the application provides a vulnerability detection method, which comprises the steps of obtaining a prestored HTTP message aiming at a website to be audited, inserting a vulnerability detection program into the HTTP message, and sending the obtained audit HTTP message to target equipment, so that the audit HTTP message can be used for carrying out vulnerability detection on the website to be audited, and therefore, the vulnerability of the website to be audited can be comprehensively detected, and the condition of missing detection is reduced.
Referring to fig. 1, fig. 1 is a schematic structural diagram of an electronic device for executing a vulnerability detection method according to an embodiment of the present application, where the electronic device may include: at least one processor 110, such as a CPU, at least one communication interface 120, at least one memory 130, and at least one communication bus 140. Wherein the communication bus 140 is used for realizing direct connection communication of these components. The communication interface 120 of the device in the embodiment of the present application is used for performing signaling or data communication with other node devices. The memory 130 may be a high-speed RAM memory or a non-volatile memory (e.g., at least one disk memory). Memory 130 may optionally be at least one memory device located remotely from the aforementioned processor. The memory 130 stores computer readable instructions, and when the computer readable instructions are executed by the processor 110, the electronic device executes the following method shown in fig. 2, for example, the memory 130 may be configured to store an HTTP message for a website to be audited, and the processor 110 may be configured to, when performing vulnerability detection on a network to be audited, obtain the HTTP message from the memory 130, insert a vulnerability detection program into the HTTP message to obtain an audit HTTP message, send the audit HTTP message to a target device, and perform vulnerability detection on the website to be audited using the audit HTTP message.
It will be appreciated that the configuration shown in fig. 1 is merely illustrative and that the electronic device may also include more or fewer components than shown in fig. 1 or have a different configuration than shown in fig. 1. The components shown in fig. 1 may be implemented in hardware, software, or a combination thereof.
The electronic device may be a proxy server, the proxy server may be a server installed in the electronic device for detecting a website vulnerability, and may be implemented by a single server, or a server group including a plurality of servers, or may be a proxy service integrated in the electronic device, and may be understood as a proxy tool. For the convenience of description differentiation, the following embodiments are described by taking a proxy server as an example. The proxy server can be used for recording relevant information such as HTTP requests and HTTP responses.
Referring to fig. 2, fig. 2 is a flowchart of a vulnerability detection method according to an embodiment of the present application, where the method includes the following steps:
step S110: and acquiring a pre-stored HTTP message aiming at the website to be checked.
The pre-stored HTTP message can be obtained in advance, before vulnerability detection is carried out, a user with operation authority can be used for logging in the website to be audited in the browser, and in order to obtain a more comprehensive HTTP message, all operations can be carried out on the website to be audited in the browser by using the account. In the operation process, the browser sends an HTTP request message, the proxy server stores the received HTTP request message and sends the HTTP request message to the website server, then the website server responds according to the HTTP request message, namely, the website server returns a corresponding HTTP response message, at the moment, the proxy server can also store the HTTP response message and then forward the HTTP response message to the browser, namely, after all operations are completed, all the HTTP request messages and all the HTTP response messages can be stored by the proxy server after passing through the proxy server.
In addition, the above-mentioned mode of obtaining the HTTP message of the website to be reviewed can also be crawled through crawler software, so that a more comprehensive HTTP message can be automatically obtained.
The HTTP message may include an HTTP request message and/or an HTTP response message, and when storing, since the HTTP request message and the HTTP response message are in a one-to-one correspondence relationship, the HTTP request message and the HTTP response message may be stored correspondingly.
The website server is used for publishing and applying websites in the internet and is a basic hardware facility for realizing external services of the websites.
Step S120: and inserting a vulnerability detection program into the HTTP message to obtain an audit HTTP message.
When vulnerability detection is carried out, the pre-acquired HTTP message of the website to be checked can be acquired from the storage, the HTTP message is extracted, and then a vulnerability detection program is inserted into the HTTP message.
The vulnerability refers to a vulnerability or defect existing in the system, which may be a defect in the design of the application software or the operating system or an error generated in the encoding, or a design defect or an unreasonable position in the logic flow of the business in the interaction process. Therefore, in order to ensure the security of the website to be checked, a vulnerability detection program for the website to be checked can be designed in advance, the vulnerability detection program is created according to the types of vulnerabilities to be detected, common vulnerabilities include Sql injection, Xss vulnerabilities, upload vulnerabilities, cross-site scripts, expression injection, code execution, command execution, file upload, weak password vulnerabilities, redirection vulnerabilities, logic vulnerabilities, information disclosure vulnerabilities and the like, and the vulnerability detection program capable of detecting the vulnerabilities can be created according to the types.
Inserting the vulnerability detection program into the HTTP message may be to insert payload into the HTTP message, that is, inserting payload into a parameter corresponding to the HTTP message and carrying the payload in the HTTP message, so that after the obtained audit HTTP message is sent to the target device, the target device may execute the payload in the audit HTTP message, thereby realizing detection of the vulnerability.
Step S130: and sending the audit HTTP message to target equipment so as to perform vulnerability detection on the website to be audited by using the audit HTTP message.
After obtaining the audit HTTP message, the audit HTTP message can be sent to the target device. The target device may be a front-end device or a back-end device, the front-end device may be a terminal device equipped with a browser, and the back-end device may be the above-mentioned website server. The method provided by the embodiment of the application can be used for performing front-end and rear-end separate auditing, if front-end loopholes are detected, the target equipment is terminal equipment, at the moment, auditing HTTP response messages with loophole detection programs inserted can be sent to a browser of the terminal equipment, if rear-end loopholes are detected, the target equipment is a website server, at the moment, auditing HTTP request messages with loophole detection programs inserted can be sent to the website server, under the condition, the front-end and rear-end loopholes can be subjected to separate auditing, uniform detection logic is not needed for the front-end and rear-end auditing, the detection flow can be effectively optimized, the detection capacity is enhanced, and the comprehensive detection of the loopholes of a website to be audited is realized.
In the implementation process, the vulnerability detection program is inserted into the pre-stored HTTP message for the to-be-audited website, so that vulnerability detection of the to-be-audited website is realized through the obtained audit HTTP message.
In some embodiments, in the front-end auditing process, the pre-stored HTTP messages include an HTTP request message (request) and an HTTP response message corresponding to the HTTP request message (response), and when a vulnerability detection program is inserted, the vulnerability detection program is inserted into the HTTP response message, which is specifically implemented as follows: receiving a target HTTP request message sent when a browser of terminal equipment loads a page to be detected of a website to be audited, searching and obtaining a target HTTP response message corresponding to the target HTTP request message from a pre-stored HTTP message, inserting a vulnerability detection program into the target HTTP response message to obtain an audit HTTP response message, and then sending the audit HTTP response message to the browser of the terminal equipment so as to perform vulnerability detection on the loading condition that the browser loads the page to be detected based on the audit HTTP response message.
The following procedure of detecting vulnerabilities of the front end may be as shown in fig. 3, where the target site in fig. 3 is a web server in the embodiment of the present application, and may be understood with reference to fig. 3.
In the front-end vulnerability detection, vulnerability existing in the browser is mainly detected, so that when the vulnerability exists in the browser, browsing and accessing of corresponding webpages can be prevented, and browsing safety is improved. The browser can be installed on terminal equipment as a client, the terminal equipment can be a computer, a mobile phone and other terminals, when the browser accesses a certain webpage, an HTTP request message for the webpage can firstly pass through the proxy server, the proxy server realizes the forwarding of the HTTP request message, and then a response returned by the website server based on the HTTP request message is received, so that the browser can jump to a page corresponding to the HTTP request message from the current page.
The page to be detected can refer to any webpage, the target HTTP request message refers to an HTTP request message for the page to be detected, and actually, the HTTP request message stored in advance comprises the HTTP request messages corresponding to all the pages in the website to be audited, so that the target HTTP request message refers to one of the HTTP request messages stored in advance.
Since the proxy server stores the HTTP response messages corresponding to the HTTP request messages, the proxy server may not forward the target HTTP request message to the web server, but may directly search the HTTP request message identical to the target HTTP request message from the prestored HTTP request message, and then find the HTTP response message corresponding to the HTTP request message, that is, the HTTP response message corresponding to the target HTTP request message.
When searching for the HTTP request message, the HTTP request message may carry corresponding request information, such as information of a request line, a URL, a protocol version, request data, and the like, so that whether an HTTP request message identical to the request information exists in the stored HTTP request message may be searched for according to the request information, and if so, an HTTP response message corresponding to the HTTP request message is obtained as a target HTTP response message.
In order to perform vulnerability detection on the browser, a vulnerability detection program can be inserted into the target HTTP response message to obtain an audit HTTP response message, and then the audit HTTP response message is directly returned to the browser of the terminal equipment, so that the browser can operate the vulnerability detection program in the audit HTTP response message to perform vulnerability detection.
It can be understood that the vulnerability detection program may be obtained by analyzing a vulnerability of a browser, and may be continuously adjusted and updated, so that vulnerability detection may be performed on different types of browsers, that is, different vulnerability detection programs may be designed for different browsers, so that targeted detection may be performed on different browsers, in this case, a target HTTP request message sent by a browser may also carry an identifier of the browser, so that a proxy server may search for and obtain the vulnerability detection program corresponding to the browser according to the identifier of the browser, and thereby insert the vulnerability detection program into a target HTTP response message.
After the browser receives the audit HTTP response message, the browser can analyze the audit HTTP response message to obtain a vulnerability detection program, so that the vulnerability detection program can be operated, which is equivalent to injecting the vulnerability detection program when the page to be detected is loaded at present, and vulnerability detection of the loading condition of the page to be detected is realized.
It should be noted that, in the above embodiment, vulnerability detection may be performed on each page in the browser, and after the browser loads the page to be detected based on the audit HTTP response packet, the loading condition may be sent to the proxy server, so that the proxy server may detect whether a vulnerability exists in the page to be detected according to the loading condition. For example, if the loading condition of the page to be detected is inconsistent with the returned audit HTTP response message, it is considered that the page to be detected has a bug, or the page to be detected has an abnormal loading condition, and the like. Of course, in practical application, the vulnerability detection program can be flexibly set according to the vulnerability detection requirement, and whether the vulnerability exists or not can be determined according to different loading conditions.
The page to be detected can be understood as a locally stored web page, an HTTP request needs to be sent to the web server when the web page is opened in the browser, and since the proxy server can intercept the HTTP request, the proxy server can modify a HTTP response message to insert a vulnerability detection program when returning the HTTP response message.
In the front-end vulnerability detection process, when the corresponding HTTP response message is found in the HTTP request message sent by the browser, the HTTP request message does not need to be forwarded to the website server, so that the request playback function can be realized, the request playback can ensure the normal rendering of the front-end page under the condition of not accessing the website server, the problem of repeatedly sending requests to the website server is avoided, and the number of requests can be effectively reduced.
In the implementation process, the audit HTTP response message is obtained and sent to the browser, so that vulnerability detection can be performed on the page of the browser, detection of the front-end page is achieved, the request does not need to be sent to the website server again, the number of requests in the vulnerability detection process can be effectively reduced, and the burden of the website server is relieved.
In some embodiments, since multiple vulnerabilities may need to be detected, multiple detection points may be set in the HTTP message, and a vulnerability detection program is inserted into the multiple detection points to detect vulnerabilities in multiple places. When the vulnerability detection program is inserted into the target HTTP response message, whether the target HTTP response message includes undetected detection points or not can be judged, if yes, the vulnerability detection program is inserted into the corresponding detection points, and the audit HTTP response message is obtained.
It can be understood that, after the HTTP response message is obtained by crawling, in order to detect the page of the website to be audited, a plurality of detection points may be set in the HTTP response message, and in order to avoid interference caused when a plurality of detection points are detected simultaneously, detection may be performed for one detection point at a time, that is, a vulnerability detection program is inserted into one detection point at a time. The browser can generate a page to be detected according to a preset program, after a target HTTP response message is obtained each time, whether a detection point which is not detected is included can be judged, if yes, a vulnerability detection program is inserted into the detection point and then returned to the browser, only when the detection point is not included in the target HTTP response message, the browser generates a next page to be detected, then vulnerability detection is carried out on the next page to be detected, similarly, the detection point can be set in the HTTP response message corresponding to the next page to be detected, and vulnerability detection is carried out by inserting the vulnerability detection program into the detection point each time.
The above-mentioned detection point may be understood as a position where a vulnerability detection program is inserted in the target HTTP response message, for example, the detection point includes: and responding to data in a message header, a message body and the like in the message by the HTTP.
When the vulnerability is detected, traversing detection points in the target HTTP response message, and then inserting a vulnerability detection program into one detection point each time, so that the next page to be detected is loaded until all the detection points in the target HTTP response message are traversed.
In the implementation process, the vulnerability detection program is inserted into the detection points in the target HTTP response message, so that the problem of interference caused by the vulnerability detection program being inserted into a plurality of detection points at the same time can be avoided.
In some embodiments, in order to facilitate identification of multiple detection points, after a vulnerability detection program is inserted into a detection point of a target HTTP response message, the detection point may be marked, that is, a detection point into which the vulnerability detection program is inserted in an audit HTTP message is marked, so that the detection points that are not detected may be identified to avoid the problem of repeated detection.
The marking method may refer to adding a corresponding mark to a detection point, for example, adding "has _ check _ point: true" to headers of a packet header of a packet, so that a detected detection point can be identified, and then inserting a vulnerability detection program into an undetected detection point next time.
It is understood that the vulnerability detection programs corresponding to each detection point may be different. And when detection is carried out, all detection points can be inserted into the corresponding vulnerability detection programs at one time, so that rapid detection can be realized, and the efficiency is higher.
In some embodiments, in the front-end auditing process, if the pre-selected and stored HTTP messages may not be complete, so that a target response message corresponding to the target HTTP request message may not be found, in this case, the proxy server may send the target HTTP request message to the web server, the web server may return the corresponding target HTTP response message according to the target HTTP request message, and after receiving the target HTTP response message, the proxy server may insert a vulnerability detection program into the target HTTP response message to obtain an audit HTTP response message, and then send the audit HTTP response message to the browser of the terminal device, so as to perform vulnerability detection on a loading condition that the browser loads a page to be detected based on the audit response message.
The detection process is similar to the above embodiment, except that the target HTTP response message is not obtained from the pre-stored HTTP message, but is returned by the web server, so that even if the target HTTP response message corresponding to the target HTTP request message cannot be obtained from the stored HTTP message, the corresponding target HTTP response message can be obtained from the web server, thereby realizing the response of the page to be detected.
In the implementation process, when the target HTTP response message corresponding to the target HTTP request message is not found, the corresponding target HTTP response message may be returned through the website server, so that vulnerability detection on the front-end page may also be implemented.
In some embodiments, in the back-end auditing process, the vulnerability existing in the website server is mainly detected, which is similar to the front-end detection, but the difference is that the vulnerability detection program is inserted into the HTTP request message and then the HTTP request message is sent to the website server, so the pre-stored HTTP message may include the HTTP request message, and the detection process includes: inserting a vulnerability detection program into an HTTP request message in a prestored HTTP message to obtain an audit HTTP request message, then sending the audit HTTP request message to a website server, responding to the audit HTTP request message after the website server receives the audit HTTP request message, returning a corresponding response result to a proxy server, and detecting vulnerabilities of the website server according to the response result after the proxy server receives the response result.
During detection, a vulnerability detection program can be inserted into each HTTP request message, the way of inserting the vulnerability detection program is similar to the way of inserting the vulnerability detection program into the HTTP response message in the above embodiment, the vulnerability detection program is inserted into the corresponding detection point, and for the sake of brevity of description, the specific insertion process is not described repeatedly herein.
The following procedure for vulnerability detection at the backend can be understood with reference to fig. 4, which is shown in fig. 4.
It can be understood that the vulnerability detection program may be obtained by analyzing vulnerabilities of the website servers, and may be continuously adjusted and updated, so that vulnerability detection may be performed for different website servers, that is, different vulnerability detection programs may be designed for different website servers, so that targeted detection may be performed for different website servers.
After receiving the audit HTTP request message, the website server executes the vulnerability detection program, then responses, wherein the response result comprises whether normal response can be performed or whether the returned response is abnormal or whether the response time is too long, and the like, and the proxy server can judge whether the response result is normal according to a set rule, so that corresponding vulnerability detection is realized.
When vulnerability detection is carried out on the rear end, the auditing object is an HTTP request message and is irrelevant to the front end page, so that a browser is not needed, and data normalization verification of the front end page can be effectively avoided, so that vulnerability detection capability is improved.
In the implementation process, the audit HTTP message is sent to the website server, so that vulnerability detection of the website server can be realized, the detection range is wider, and the detection is more comprehensive.
In order to perform comprehensive vulnerability detection and avoid interference on the website server, when a vulnerability detection program is inserted, the vulnerability detection program can be sequentially inserted into corresponding detection points of an HTTP request message, that is, if a plurality of detection points exist in one HTTP request message, the vulnerability detection program is inserted into one detection point each time, then the vulnerability detection program is sent to the website server, vulnerability detection is performed after a response result is obtained, then the vulnerability detection program is continuously inserted into the next detection point, the process is continued until the detection points in the HTTP request message are all inserted into the vulnerability detection program and sent to the website server, and then the next HTTP request message is obtained for detection.
In the front-end auditing and back-end auditing processes, as the HTTP request message and the HTTP response message are stored in advance, the HTTP request message and the HTTP response message can be changed according to requirements during vulnerability detection, namely a vulnerability detection program is inserted, so that the number of requests in the vulnerability detection process can be effectively reduced. And because the vulnerability detection program is switched from the injection position to the HTTP request message and the HTTP response message from the front-end page, the auditing range is wider and more comprehensive, and meanwhile, because the vulnerability detection program is not restricted by data normative verification, the vulnerability detection capability can be greatly enhanced.
In some embodiments, since the HTTP messages are classified into multiple categories, such as static files (e.g., css, js, etc.), application interfaces api, pages, etc., and the static files and the pages are data that do not change much, in order to simplify the detection process, the HTTP messages with the category of the application interface may be used as audit messages, and for example, in the process of inserting the vulnerability detection program, the HTTP messages with the category of the application interface in the prestored HTTP messages may be obtained first, and then the HTTP vulnerability detection program is inserted into the HTTP messages with the category of the application interface, so as to obtain the HTTP audit messages.
For example, in the front-end detection process, after the target response message is obtained, the HTTP response message with the category of the application interface may be searched from a pre-stored HTTP response message, and then whether the HTTP response message with the category of the application interface has a target HTTP response message corresponding to the target HTTP request message is searched, and if the target HTTP response message with the category of the application interface has the target HTTP response message, the vulnerability detection program is inserted into the target HTTP response message and then the target HTTP response message is returned to the browser. In the back-end detection process, an HTTP request message with the category of an application interface may be searched from a pre-stored HTTP message, and then a vulnerability detection program is inserted into the HTTP request message and sent to the server.
In some embodiments, in order to perform vulnerability detection on the application interface, before storing the HTTP message, the category of the HTTP message may be identified, and then the HTTP message whose category is the application interface is stored, which is implemented by: and crawling by crawler software to obtain an initial HTTP message of the website to be audited, then identifying the category of the initial HTTP message, obtaining the HTTP message of which the category is an application interface, and storing the HTTP message.
The whole-station crawling of the target website needs to be completed in the crawler stage, and all pages containing JavaScript also need to be rendered by using a browser, so that the application interface api provided by the back end is ensured not to be omitted, and more comprehensive detection is realized. In the whole crawling process, the proxy server does not modify the HTTP request message and the HTTP response message. Since the HTPP request messages and the HTTP response messages are in one-to-one correspondence, the HTPP request messages and the HTPP response messages can be combined for analyzing the categories thereof.
Taking an ajax request using json as a data exchange format as an example, if the Content-Type of the HTPP request message is application/json and the body is json, the Type of the HTPP request message can be determined to be api, if the Type of the HTPP request message cannot be determined through the HTPP request message, the Type can be determined through the corresponding HTPP response message, and similarly, if the Content-Type of the HTPP response message is application/json and the body is json, since json data is rarely directly rendered on a page, the HTPP request message can also be determined to be used for data exchange and the Type is api.
In order to facilitate auditing of all HTTP messages, the proxy server may store all HTTP messages, and during storage, the HTTP messages may be stored in different categories, for example, the HTTP messages are divided into three categories, i.e., application interface, page (html) and static file (e.g., css, js, etc.), and then each pair of HTTP request message and HTTP response message and their categories are stored as a piece of data in the proxy server for use in a subsequent detection stage. The crawling process of the crawler stage is schematically shown in FIG. 5.
In the implementation process, the HTTP message is crawled through crawler software, so that the obtained HTTP message is more comprehensive, more types of HTTP messages serving as application interfaces can be obtained, and the vulnerability detection range is expanded.
In some embodiments, in order to implement more detailed vulnerability detection according to requirements, the HTTP messages of the data type may also be detected, and in the process of obtaining the HTTP messages of the application interface type, the data HTTP messages of the data type in the initial HTTP message may also be obtained by screening, and then the type of the data HTTP messages is identified, and the HTTP messages of the application interface type are obtained and stored.
In a website with front and back ends separated, a page really displayed to a user mainly comprises a template and data, wherein the template is an html document in the conventional sense, the data is various, such as json, xml, list and the like, the type of the data mainly depends on the implementation mode of developers, and after the HTTP messages of the template and the data are obtained, JavaScript renders the data to the template to finally generate an actual page seen by the user.
Therefore, the template type HTTP message basically has no change, and only the HTTP message with the type of data needs to be audited in order to accelerate the detection process. After all the HTTP messages are crawled, the types of the HTTP messages can be distinguished, so that the HTTP messages with the data type and the HTTP messages with the template type are distinguished, and then the HTTP messages with the type being the application interface are identified from the data HTTP messages to be stored.
It can be understood that, if the HTTP message of the template type and the HTTP message of the data type are identified, and then the HTTP messages of the data type are identified as three types of HTTP messages, namely api, page, and static file, the HTTP messages of the corresponding type may be selected for detection according to the requirement during the detection. Of course, in order to achieve more comprehensive inspection, all HTTP messages may be used for detection, so as to avoid the problem of missed report.
Therefore, the api provided by the back end can be accurately analyzed through analyzing the HTTP request message and the HTTP response message in the crawler stage, and the api level detection is realized. Moreover, the auditing object in the embodiment of the application is not limited to the page any more, but can be extended to the api level, so that the api can be audited without omission or repetition.
In addition, all HTTP request messages and HTTP response messages are stored in the crawler stage, so that the HTTP request messages and the HTTP response messages can be modified and played back as required in the vulnerability detection stage, and the number of requests in the detection process can be effectively reduced.
In the embodiment of the application, vulnerability detection is divided into front-end detection and back-end detection, the auditing object of the front end is a page, namely, the detection is carried out on the browser, mainly the vulnerability occurring in the rendering process of the browser is detected, such as cross-site scripting attack and the like, and the occurring position is the browser; the audit object at the back end is an application interface provided by the server, that is, the server is detected, and means that the server is a server at the position of occurrence of a vulnerability, such as SQL injection, operating system bright injection and the like, occurring when processing front-end data or a request. Therefore, a front-end and back-end separation auditing mode can be realized, after front-end and back-end loopholes are separated and detected, the detection plug-in for detecting the front-end and back-end loopholes respectively plays its own roles, only corresponding auditing objects are audited, and the auditing objects are not interfered with each other.
Referring to fig. 6, fig. 6 is a block diagram illustrating a vulnerability detection apparatus 200 according to an embodiment of the present disclosure; the apparatus 200 may be a module, a program segment, or code on an electronic device. It should be understood that the apparatus 200 corresponds to the above-mentioned embodiment of the method of fig. 2, and can perform various steps related to the embodiment of the method of fig. 2, and the specific functions of the apparatus 200 can be referred to the above description, and the detailed description is appropriately omitted here to avoid redundancy.
Optionally, the apparatus 200 comprises:
the message acquisition module 210 is configured to acquire a prestored HTTP message for the website to be checked;
a detection program insertion module 220, configured to insert a vulnerability detection program into the HTTP message, so as to obtain an audit HTTP message;
and the vulnerability detection module 2030 is configured to send the audit HTTP message to a target device, so as to perform vulnerability detection on the website to be audited by using the audit HTTP message.
Optionally, the HTTP message includes an HTTP request message and an HTTP response message corresponding to the HTTP request message, and the detection program insertion module 220 is configured to:
receiving a target HTTP request message sent when a browser of the terminal equipment loads a page to be detected of the website to be examined;
searching and obtaining a target HTTP response message corresponding to the target HTTP request message from the prestored HTTP message;
inserting a vulnerability detection program into the target HTTP response message to obtain an audit HTTP response message;
the vulnerability detection module 230 is configured to send the audit HTTP response packet to a browser of the terminal device, so as to perform vulnerability detection on a loading condition that the browser loads the page to be detected based on the audit HTTP response packet.
Optionally, the detection program inserting module 220 is configured to determine whether the target HTTP response packet includes a detection point that is not detected; and if so, inserting a vulnerability detection program into the corresponding detection point to obtain an audit HTTP response message.
Optionally, the detection program inserting module 220 is further configured to mark a detection point of the vulnerability detection program inserted in the audit HTTP response message.
Optionally, the HTTP message includes an HTTP request message and an HTTP response message corresponding to the HTTP request message, and the detection program insertion module 220 is configured to:
when a target HTTP response message corresponding to the target HTTP request message is not found from the prestored HTTP messages, sending the target HTTP request message to the website server;
receiving a target HTTP response message returned by the website server according to the target HTTP request message;
inserting a vulnerability detection program into the target HTTP response message to obtain an audit HTTP response message;
the vulnerability detection module 230 is configured to send the audit HTTP response packet to a browser of the terminal device, so as to perform vulnerability detection on a loading condition that the browser loads the page to be detected based on the audit HTTP response packet.
Optionally, the HTTP message includes an HTTP request message, and the detection program insertion module 220 is configured to insert a vulnerability detection program into the HTTP request message in the HTTP message to obtain an audit HTTP request message;
the vulnerability detection module 230 is configured to send the audit HTTP request message to the website server; receiving a response result returned by the website server based on the audit HTTP request message; and detecting the vulnerability of the website server according to the response result.
Optionally, the detection program inserting module 220 is configured to insert vulnerability detection programs into detection points corresponding to HTTP request messages in the HTTP messages in sequence, so as to obtain an audit HTTP request message.
Optionally, the detection program inserting module 230 is configured to obtain a prestored HTTP message of which the category is an application interface; and inserting a vulnerability detection program into the HTTP message with the category of the application interface to obtain an audit HTTP message.
Optionally, the apparatus 200 further comprises:
the storage module is used for crawling the initial HTTP message of the website to be audited through crawler software; and identifying the category of the initial HTTP message, acquiring the HTTP message with the category as an application interface, and storing the HTTP message.
Optionally, the storage module is configured to filter and obtain a data HTTP message of a type of data in the initial HTTP message; and identifying the type of the data HTTP message, acquiring the HTTP message with the type as an application interface, and storing the HTTP message.
It should be noted that, for the convenience and brevity of description, the specific working procedure of the above-described apparatus may refer to the corresponding procedure in the foregoing method embodiment, and the description is not repeated herein.
Embodiments of the present application provide a readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, performs the method processes performed by an electronic device in the method embodiment shown in fig. 2.
The present embodiments disclose a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the methods provided by the above-described method embodiments, for example, comprising: acquiring a pre-stored HTTP message aiming at a website to be checked; inserting a vulnerability detection program into the HTTP message to obtain an audit HTTP message; and sending the audit HTTP message to target equipment so as to perform vulnerability detection on the website to be audited by using the audit HTTP message.
In summary, the embodiments of the present application provide a vulnerability detection method, apparatus, electronic device and readable storage medium, where a vulnerability detection program is inserted into a pre-stored HTTP message for a to-be-audited website, so that vulnerability detection of the to-be-audited website is realized through an obtained audit HTTP message, and since the HTTP message is not only a message for a page, the HTTP message in the present application is all messages for the to-be-audited website, so that the to-be-audited website can be detected more comprehensively, and the probability of missing reports is reduced.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (13)
1. A vulnerability detection method, the method comprising:
acquiring a pre-stored HTTP message aiming at a website to be checked;
inserting a vulnerability detection program into the HTTP message to obtain an audit HTTP message;
and sending the audit HTTP message to target equipment so as to perform vulnerability detection on the website to be audited by using the audit HTTP message.
2. The method according to claim 1, wherein the HTTP message includes an HTTP request message and an HTTP response message corresponding to the HTTP request message, and the inserting a vulnerability detection program into the HTTP message to obtain an audit HTTP message includes:
receiving a target HTTP request message sent when a browser of the terminal equipment loads a page to be detected of the website to be examined;
searching and obtaining a target HTTP response message corresponding to the target HTTP request message from the prestored HTTP message;
inserting a vulnerability detection program into the target HTTP response message to obtain an audit HTTP response message;
the sending of the audit HTTP message to the target device to perform vulnerability detection on the website to be audited by using the audit HTTP message includes:
and sending the audit HTTP response message to a browser of the terminal equipment so as to perform vulnerability detection on the loading condition of the browser for loading the page to be detected based on the audit HTTP response message.
3. The method according to claim 2, wherein inserting a vulnerability detection program into the target HTTP response message to obtain an audit HTTP response message comprises:
judging whether the target HTTP response message comprises undetected detection points or not;
and if so, inserting a vulnerability detection program into the corresponding detection point to obtain an audit HTTP response message.
4. The method of claim 3, wherein after obtaining the audit HTTP response message, further comprising:
and marking the detection points of the vulnerability detection program inserted into the audit HTTP response message.
5. The method according to claim 1, wherein the HTTP message includes an HTTP request message and an HTTP response message corresponding to the HTTP request message, and the inserting a vulnerability detection program into the HTTP message to obtain an audit HTTP message includes:
receiving a target HTTP request message sent when a browser of the terminal equipment loads a page to be detected of the website to be examined;
when a target HTTP response message corresponding to the target HTTP request message is not found from the prestored HTTP messages, sending the target HTTP request message to the website server;
receiving a target HTTP response message returned by the website server according to the target HTTP request message;
inserting a vulnerability detection program into the target HTTP response message to obtain an audit HTTP response message;
the sending of the audit HTTP message to the target device to perform vulnerability detection on the website to be audited by using the audit HTTP message includes:
and sending the audit HTTP response message to a browser of the terminal equipment so as to perform vulnerability detection on the loading condition of the browser for loading the page to be detected based on the audit HTTP response message.
6. The method according to claim 1, wherein the HTTP message comprises an HTTP request message, and the inserting a vulnerability detection program into the HTTP message to obtain an audit HTTP message comprises:
inserting a vulnerability detection program into an HTTP request message in the HTTP message to obtain an audit HTTP request message;
the sending of the audit HTTP message to the target device to perform vulnerability detection on the website to be audited by using the audit HTTP message includes:
sending the audit HTTP request message to the website server;
receiving a response result returned by the website server based on the audit HTTP request message;
and detecting the vulnerability of the website server according to the response result.
7. The method according to claim 6, wherein inserting a vulnerability detection program into an HTTP request message in the HTTP message to obtain an audit HTTP request message comprises:
and inserting vulnerability detection programs into corresponding detection points of HTTP request messages in the HTTP messages in sequence to obtain audit HTTP request messages.
8. The method according to any one of claims 1 to 7, wherein inserting a vulnerability detection program into the HTTP message to obtain an audit HTTP message comprises:
acquiring an HTTP message with the category of an application interface in the prestored HTTP messages;
and inserting a vulnerability detection program into the HTTP message with the category of the application interface to obtain an audit HTTP message.
9. The method according to claim 8, wherein before the obtaining the pre-stored HTTP message for the web site under review, the method further comprises:
crawling an initial HTTP message of the website to be audited through crawler software;
and identifying the category of the initial HTTP message, acquiring the HTTP message with the category as an application interface, and storing the HTTP message.
10. The method according to claim 9, wherein the identifying the category of the initial HTTP packet, obtaining and storing the HTTP packet whose category is an application interface, comprises:
screening to obtain a data HTTP message with the type of data in the initial HTTP message;
and identifying the type of the data HTTP message, acquiring the HTTP message with the type as an application interface, and storing the HTTP message.
11. A vulnerability detection apparatus, the apparatus comprising:
the message acquisition module is used for acquiring a prestored HTTP message aiming at a website to be checked;
the detection program insertion module is used for inserting a vulnerability detection program into the HTTP message to obtain an audit HTTP message;
and the vulnerability detection module is used for sending the audit HTTP message to target equipment so as to detect the vulnerability of the website to be audited by using the audit HTTP message.
12. An electronic device comprising a processor and a memory, the memory storing computer readable instructions that, when executed by the processor, perform the method of any of claims 1-10.
13. A readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-10.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011643799.8A CN112653709A (en) | 2020-12-30 | 2020-12-30 | Vulnerability detection method and device, electronic equipment and readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011643799.8A CN112653709A (en) | 2020-12-30 | 2020-12-30 | Vulnerability detection method and device, electronic equipment and readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112653709A true CN112653709A (en) | 2021-04-13 |
Family
ID=75367089
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011643799.8A Pending CN112653709A (en) | 2020-12-30 | 2020-12-30 | Vulnerability detection method and device, electronic equipment and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112653709A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114422278A (en) * | 2022-04-01 | 2022-04-29 | 奇安信科技集团股份有限公司 | Method, system and server for detecting program security |
CN114598524A (en) * | 2022-03-07 | 2022-06-07 | 北京百度网讯科技有限公司 | Method, device, equipment and storage medium for detecting agent tool |
CN115118493A (en) * | 2022-06-27 | 2022-09-27 | 北京天融信网络安全技术有限公司 | Message query method and device, electronic equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103095681A (en) * | 2012-12-03 | 2013-05-08 | 微梦创科网络科技(中国)有限公司 | Loophole detection method and device |
CN106101145A (en) * | 2016-08-10 | 2016-11-09 | 北京神州绿盟信息安全科技股份有限公司 | A kind of website vulnerability detection method and device |
CN107832622A (en) * | 2017-12-08 | 2018-03-23 | 平安科技(深圳)有限公司 | Leak detection method, device, computer equipment and storage medium |
US20190327267A1 (en) * | 2018-04-24 | 2019-10-24 | International Business Machines Corporation | Phishing detection through secure testing implementation |
CN110958221A (en) * | 2019-10-25 | 2020-04-03 | 杭州数梦工场科技有限公司 | Method and device for dynamically detecting injection vulnerability of XML external entity |
-
2020
- 2020-12-30 CN CN202011643799.8A patent/CN112653709A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103095681A (en) * | 2012-12-03 | 2013-05-08 | 微梦创科网络科技(中国)有限公司 | Loophole detection method and device |
CN106101145A (en) * | 2016-08-10 | 2016-11-09 | 北京神州绿盟信息安全科技股份有限公司 | A kind of website vulnerability detection method and device |
CN107832622A (en) * | 2017-12-08 | 2018-03-23 | 平安科技(深圳)有限公司 | Leak detection method, device, computer equipment and storage medium |
US20190327267A1 (en) * | 2018-04-24 | 2019-10-24 | International Business Machines Corporation | Phishing detection through secure testing implementation |
CN110958221A (en) * | 2019-10-25 | 2020-04-03 | 杭州数梦工场科技有限公司 | Method and device for dynamically detecting injection vulnerability of XML external entity |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114598524A (en) * | 2022-03-07 | 2022-06-07 | 北京百度网讯科技有限公司 | Method, device, equipment and storage medium for detecting agent tool |
CN114598524B (en) * | 2022-03-07 | 2023-11-17 | 北京百度网讯科技有限公司 | Method, device, equipment and storage medium for detecting agent tool |
CN114422278A (en) * | 2022-04-01 | 2022-04-29 | 奇安信科技集团股份有限公司 | Method, system and server for detecting program security |
CN115118493A (en) * | 2022-06-27 | 2022-09-27 | 北京天融信网络安全技术有限公司 | Message query method and device, electronic equipment and storage medium |
CN115118493B (en) * | 2022-06-27 | 2023-11-10 | 北京天融信网络安全技术有限公司 | Message query method and device, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101964025B (en) | XSS detection method and equipment | |
KR101001132B1 (en) | Method and System for Determining Vulnerability of Web Application | |
CN112653709A (en) | Vulnerability detection method and device, electronic equipment and readable storage medium | |
US8949990B1 (en) | Script-based XSS vulnerability detection | |
EP2715599B1 (en) | Application security testing | |
US20150271202A1 (en) | Method, device, and system for detecting link layer hijacking, user equipment, and analyzing server | |
CN107124430B (en) | Page hijacking monitoring method, device, system and storage medium | |
CN104766014A (en) | Method and system used for detecting malicious website | |
CN105791261B (en) | A kind of detection method and detection device of cross-site scripting attack | |
KR20110095534A (en) | Real-time vulnerability diagnoses and results information offer service system of web service | |
CN108632219A (en) | A kind of website vulnerability detection method, detection service device and system | |
CN111177519B (en) | Webpage content acquisition method, device, storage medium and equipment | |
CN103647678A (en) | Method and device for online verification of website vulnerabilities | |
CN113114680B (en) | Detection method and detection device for file uploading vulnerability | |
CN112637361B (en) | Page proxy method, device, electronic equipment and storage medium | |
CN104573520A (en) | Method and device for detecting permanent type cross site scripting vulnerability | |
CN114491560A (en) | Vulnerability detection method and device, storage medium and electronic equipment | |
CN113220584B (en) | Page test method, page test device, computer equipment and readable storage medium | |
CN111131236A (en) | Web fingerprint detection device, method, equipment and medium | |
JPWO2014156825A1 (en) | Log output control device, method and program | |
Ham et al. | Big Data Preprocessing Mechanism for Analytics of Mobile Web Log. | |
CN112446030B (en) | Method and device for detecting file uploading vulnerability of webpage end | |
CN114003916A (en) | Method, system, terminal and storage medium for testing WEB role longitudinal override vulnerability | |
EP3660678A1 (en) | Canary release for static content | |
CN108989371B (en) | Data reporting method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210413 |